jenkins-gitlab-harbor-ceph基于Kubernetes的CI/CD运用(二)
一张网图
因为我们使用了Docker in Docker技术,就是把jenkins部署在k8s里。jenkins master会动态创建slave pod,使用slave pod运行代码克隆,项目构建,镜像构建等指令操作。构成完成以后删除这个slave pod。减轻jenkins-master的负载,可以极大地提高资源利用率。
配置连接kubernetes
我们已经安装了Kubernetes插件,我们直接在jenkins中点击
manage jenkins -- > configure system -- > 拉到最底下有一个cloud。
新增一个cloud --> kubernetes
测试
podTemplate(label: 'pod-golang',
containers: [
containerTemplate(
name: 'golang',
image: 'golang',
ttyEnabled: true,
command: 'cat'
)
]
) {
node ('pod-golang') {
stage 'Switch to Utility Container'
container('golang') {
sh ("go version")
}
}
}
输出
# kubectl get pods -A -w
assembly pod-golang-qbcxr-fbc73 2/2 Running 0 28s
assembly pod-golang-qbcxr-fbc73 2/2 Terminating 0 69s
Started by user zisefeizhu
Running in Durability level: MAX_SURVIVABILITY
[Pipeline] Start of Pipeline
[Pipeline] podTemplate
[Pipeline] {
[Pipeline] node
Created Pod: pod-golang-qbcxr-gkbx2 in namespace assembly
Still waiting to schedule task
‘pod-golang-qbcxr-gkbx2’ is offline
Created Pod: pod-golang-qbcxr-4tn61 in namespace assembly
Created Pod: pod-golang-qbcxr-sqfqk in namespace assembly
Created Pod: pod-golang-qbcxr-lncp9 in namespace assembly
Created Pod: pod-golang-qbcxr-czccr in namespace assembly
Created Pod: pod-golang-qbcxr-3d6wq in namespace assembly
Created Pod: pod-golang-qbcxr-x9q5m in namespace assembly
Created Pod: pod-golang-qbcxr-fbc73 in namespace assembly
Agent pod-golang-qbcxr-fbc73 is provisioned from template pod-golang-qbcxr
---
apiVersion: "v1"
kind: "Pod"
metadata:
annotations:
buildUrl: "http://jenkins.assembly.svc.cluster.local/job/gitlab-citest-pipeline/4/"
runUrl: "job/gitlab-citest-pipeline/4/"
labels:
jenkins: "slave"
jenkins/label: "pod-golang"
name: "pod-golang-qbcxr-fbc73"
spec:
containers:
- command:
- "cat"
image: "golang"
imagePullPolicy: "IfNotPresent"
name: "golang"
resources:
limits: {}
requests: {}
securityContext:
privileged: false
tty: true
volumeMounts:
- mountPath: "/home/jenkins/agent"
name: "workspace-volume"
readOnly: false
- env:
- name: "JENKINS_SECRET"
value: "********"
- name: "JENKINS_AGENT_NAME"
value: "pod-golang-qbcxr-fbc73"
- name: "JENKINS_NAME"
value: "pod-golang-qbcxr-fbc73"
- name: "JENKINS_AGENT_WORKDIR"
value: "/home/jenkins/agent"
- name: "JENKINS_URL"
value: "http://jenkins.assembly.svc.cluster.local/"
image: "jenkins/jnlp-slave:3.35-5-alpine"
name: "jnlp"
volumeMounts:
- mountPath: "/home/jenkins/agent"
name: "workspace-volume"
readOnly: false
nodeSelector:
beta.kubernetes.io/os: "linux"
restartPolicy: "Never"
securityContext: {}
volumes:
- emptyDir:
medium: ""
name: "workspace-volume"
Running on pod-golang-qbcxr-fbc73 in /home/jenkins/agent/workspace/gitlab-citest-pipeline
[Pipeline] {
[Pipeline] stage (Switch to Utility Container)
Using the ‘stage’ step without a block argument is deprecated
Entering stage Switch to Utility Container
Proceeding
[Pipeline] container
[Pipeline] {
[Pipeline] sh
+ go version
go version go1.14.1 linux/amd64
[Pipeline] }
[Pipeline] // container
[Pipeline] }
[Pipeline] // node
[Pipeline] }
[Pipeline] // podTemplate
[Pipeline] End of Pipeline
Finished: SUCCESS
以上podTemplate是在Pipeline里面定义的
*注意name必须jnlp,如果不为jnlp pod会启两个容器
name必须jnlp Kubernetes 才能用自定义 images 指定的镜像替换默认的 jenkinsci/jnlp-slave 镜像
构建jenkins-slave镜像
github官方构建slave文档
https://github.com/jenkinsci/docker-jnlp-slave
# ll
总用量 80900
-rw-r--r-- 1 root root 596 3月 23 09:14 Dockerfile
-rwxr-xr-x 1 root root 38457344 3月 22 20:55 helm
-rw-r--r-- 1 root root 2229 3月 21 20:04 jenkins-slave
-rwxr-xr-x 1 root root 43491328 3月 23 09:13 kubectl
-rw-r--r-- 1 root root 619 3月 21 20:05 settings.xml
-rw-r--r-- 1 root root 877037 3月 23 08:40 slave.jar
# cat Dockerfile
FROM centos:7
LABEL maintainer lizhenliang
# 使镜像具有拖git仓库,编译java代码的能力
RUN yum install -y java-1.8.0-openjdk maven curl git libtool-ltdl-devel && \
yum clean all && \
rm -rf /var/cache/yum/* && \
mkdir -p /usr/share/jenkins
# 将获取到slave.jar放入镜像
COPY slave.jar /usr/share/jenkins/slave.jar
# jenkins-slave执行脚本
COPY jenkins-slave /usr/bin/jenkins-slave
# settings.xml中设置了aliyun的镜像
COPY settings.xml /etc/maven/settings.xml
RUN chmod +x /usr/bin/jenkins-slave
COPY helm kubectl /usr/bin/
ENTRYPOINT ["jenkins-slave"]
# cat jenkins-slave
#!/usr/bin/env sh
if [ $# -eq 1 ]; then
# if `docker run` only has one arguments, we assume user is running alternate command like `bash` to inspect the image
exec "$@"
else
# if -tunnel is not provided try env vars
case "$@" in
*"-tunnel "*) ;;
*)
if [ ! -z "$JENKINS_TUNNEL" ]; then
TUNNEL="-tunnel $JENKINS_TUNNEL"
fi ;;
esac
# if -workDir is not provided try env vars
if [ ! -z "$JENKINS_AGENT_WORKDIR" ]; then
case "$@" in
*"-workDir"*) echo "Warning: Work directory is defined twice in command-line arguments and the environment variable" ;;
*)
WORKDIR="-workDir $JENKINS_AGENT_WORKDIR" ;;
esac
fi
if [ -n "$JENKINS_URL" ]; then
URL="-url $JENKINS_URL"
fi
if [ -n "$JENKINS_NAME" ]; then
JENKINS_AGENT_NAME="$JENKINS_NAME"
fi
if [ -z "$JNLP_PROTOCOL_OPTS" ]; then
echo "Warning: JnlpProtocol3 is disabled by default, use JNLP_PROTOCOL_OPTS to alter the behavior"
JNLP_PROTOCOL_OPTS="-Dorg.jenkinsci.remoting.engine.JnlpProtocol3.disabled=true"
fi
# If both required options are defined, do not pass the parameters
OPT_JENKINS_SECRET=""
if [ -n "$JENKINS_SECRET" ]; then
case "$@" in
*"${JENKINS_SECRET}"*) echo "Warning: SECRET is defined twice in command-line arguments and the environment variable" ;;
*)
OPT_JENKINS_SECRET="${JENKINS_SECRET}" ;;
esac
fi
OPT_JENKINS_AGENT_NAME=""
if [ -n "$JENKINS_AGENT_NAME" ]; then
case "$@" in
*"${JENKINS_AGENT_NAME}"*) echo "Warning: AGENT_NAME is defined twice in command-line arguments and the environment variable" ;;
*)
OPT_JENKINS_AGENT_NAME="${JENKINS_AGENT_NAME}" ;;
esac
fi
#TODO: Handle the case when the command-line and Environment variable contain different values.
#It is fine it blows up for now since it should lead to an error anyway.
exec java $JAVA_OPTS $JNLP_PROTOCOL_OPTS -cp /usr/share/jenkins/slave.jar hudson.remoting.jnlp.Main -headless $TUNNEL $URL $WORKDIR $OPT_JENKINS_SECRET $OPT_JENKINS_AGENT_NAME "$@"
fi
# cat settings.xml
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<pluginGroups>
</pluginGroups>
<proxies>
</proxies>
<servers>
</servers>
<mirrors>
<mirror>
<id>central</id>
<mirrorOf>central</mirrorOf>
<name>aliyun maven</name>
<url>https://maven.aliyun.com/repository/public</url>
</mirror>
</mirrors>
<profiles>
</profiles>
</settings>
构建镜像并打上标签
# docker build . -t harbor.linux.com/jenkinsci/jenkins-slave-jdk:1.8
推送镜像到harbor
#docker push harbor.linux.com/jenkinsci/jenkins-slave-jdk:1.8
创建应用Pipeline动态构建测试
// 镜像仓库地址
def registry = "harbor.linux.com"
podTemplate(label: 'jenkins-agent', cloud: 'kubernetes',
containers: [
containerTemplate(
name: 'jnlp',
image: "${registry}/jenkinsci/jenkins-slave-jdk:1.8"
)],
volumes: [
hostPathVolume(mountPath: '/var/run/docker.sock', hostPath: '/var/run/docker.sock'),
hostPathVolume(mountPath: '/usr/bin/docker', hostPath: '/usr/bin/docker')
])
{
node("jenkins-agent"){
stage('拉取代码') { // for display purposes
echo 'ok'
}
stage('代码编译') {
echo 'ok'
}
stage('部署') {
echo 'ok'
}
}
}
输出
Started by user zisefeizhu
Running in Durability level: MAX_SURVIVABILITY
[Pipeline] Start of Pipeline
[Pipeline] podTemplate
[Pipeline] {
[Pipeline] node
Still waiting to schedule task
‘Jenkins’ doesn’t have label ‘jenkins-agent’
Created Pod: jenkins-agent-xnj85-cq1vx in namespace assembly
Agent jenkins-agent-xnj85-cq1vx is provisioned from template jenkins-agent-xnj85
---
apiVersion: "v1"
kind: "Pod"
metadata:
annotations:
buildUrl: "http://jenkins.assembly.svc.cluster.local/job/gitlab-citest-pipeline/18/"
runUrl: "job/gitlab-citest-pipeline/18/"
labels:
jenkins: "slave"
jenkins/label: "jenkins-agent"
name: "jenkins-agent-xnj85-cq1vx"
spec:
containers:
- env:
- name: "JENKINS_SECRET"
value: "********"
- name: "JENKINS_AGENT_NAME"
value: "jenkins-agent-xnj85-cq1vx"
- name: "JENKINS_NAME"
value: "jenkins-agent-xnj85-cq1vx"
- name: "JENKINS_AGENT_WORKDIR"
value: "/home/jenkins/agent"
- name: "JENKINS_URL"
value: "http://jenkins.assembly.svc.cluster.local/"
image: "harbor.linux.com/jenkinsci/jenkins-slave-jdk:1.8"
imagePullPolicy: "IfNotPresent"
name: "jnlp"
resources:
limits: {}
requests: {}
securityContext:
privileged: false
tty: false
volumeMounts:
- mountPath: "/var/run/docker.sock"
name: "volume-0"
readOnly: false
- mountPath: "/usr/bin/docker"
name: "volume-1"
readOnly: false
- mountPath: "/home/jenkins/agent"
name: "workspace-volume"
readOnly: false
nodeSelector:
beta.kubernetes.io/os: "linux"
restartPolicy: "Never"
securityContext: {}
volumes:
- hostPath:
path: "/var/run/docker.sock"
name: "volume-0"
- hostPath:
path: "/usr/bin/docker"
name: "volume-1"
- emptyDir:
medium: ""
name: "workspace-volume"
Running on jenkins-agent-xnj85-cq1vx in /home/jenkins/agent/workspace/gitlab-citest-pipeline
[Pipeline] {
[Pipeline] stage
[Pipeline] { (拉取代码)
[Pipeline] echo
ok
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (代码编译)
[Pipeline] echo
ok
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (部署)
[Pipeline] echo
ok
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] }
[Pipeline] // podTemplate
[Pipeline] End of Pipeline
Finished: SUCCESS
# kubectl get pods --all-namespaces -w -o wide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
assembly jenkins-agent-7hbn2-5kwwv 0/1 Pending 0 0s
assembly jenkins-agent-7hbn2-5kwwv 0/1 Pending 0 0s
assembly jenkins-agent-7hbn2-5kwwv 0/1 ContainerCreating 0 0s
assembly jenkins-agent-7hbn2-5kwwv 1/1 Running 0 3s
assembly jenkins-agent-7hbn2-5kwwv 1/1 Terminating 0 68s
assembly jenkins-agent-7hbn2-5kwwv 0/1 Terminating 0 72s
assembly jenkins-agent-7hbn2-5kwwv 0/1 Terminating 0 72s
assembly jenkins-agent-7hbn2-5kwwv 0/1 Terminating 0 77s
assembly jenkins-agent-7hbn2-5kwwv 0/1 Terminating 0 77s
会发现 jenkins-agent-xnj85-cq1vx 构建完成后自动删除
jenkins-gitlab-harbor-ceph基于Kubernetes的CI/CD运用(二)的更多相关文章
- jenkins-gitlab-harbor-ceph基于Kubernetes的CI/CD运用(一)
注:这部分的学习还是要靠自己多点点 多尝试尝试 这部分19年3月份我是玩的很溜的,一年没用,基本忘光光了. 学习要温故而知新! 流程拓扑图 前提准备 部署应用服务 部署kubernetes 集群:ht ...
- jenkins-gitlab-harbor-ceph基于Kubernetes的CI/CD运用(四)
前景提要 jenkins与gitlab结合,实现代码自动拉取:https://www.cnblogs.com/zisefeizhu/p/12548662.html jenkins与kubernetes ...
- jenkins-gitlab-harbor-ceph基于Kubernetes的CI/CD运用(三)
从最基础镜像到业务容器 构建 [为gitlab项目部署做铺垫] 业务镜像设计规划 目录结构 # pwd /data/k8s/app/myapp # tree . . ├── dockerfile │ ...
- 基于docker搭建Jenkins+Gitlab+Harbor+Rancher架构实现CI/CD操作
一.各个组件的功能描述: Docker 是一个开源的应用容器引擎. Jenkis 是一个开源自动化服务器. (1).负责监控gitlab代码.gitlab中配置文件的变动: (2).负责执行镜像文件的 ...
- 容器云平台No.10~通过gogs+drone+kubernetes实现CI/CD
什么是CI/CD 持续集成(Continous Intergration,CI)是一种软件开发实践,即团队开发成员经常集成它们的工作,通常每个成员每天至少集成一次,也就意味着每天可能会发生多次集成.每 ...
- 基于docker搭建Jenkins+Gitlab+Harbor+Rancher架构实现CI/CD操作(续)---Harbor的安装
前期安装文档:https://www.cnblogs.com/lq-93/p/11828626.html Harbor的作用: 开发提交代码至gitlab容器中,Jenkins拉取代码构建镜像 ...
- 基于docker搭建Jenkins+Gitlab+Harbor+Rancher架构实现CI/CD操作(续)
说明:前期的安装,请转向https://www.cnblogs.com/lq-93/p/11824039.html (4).查看gitlab镜像是否启动成功 docker inspect 容器id ...
- kubernetes的CI/CD
部署流程:把编码上传到gitlab上,使用webhook链接jenkins自动去编译docker镜像,然后上传到harbor本地docker镜像库中,再自动下载docker镜像,使用k8s控制dock ...
- Dockerfile+Jenkinsfile+GitLab轻松实现.NetCore程序的CI&CD
一.相关介绍 Dockerfile:关于Dockerfile的使用说明,我在文章<让.NetCore程序跑在任何有docker的地方>中有说到,这里不在赘述,需要的可以先看下,本文主要介绍 ...
随机推荐
- 吴裕雄--天生自然 R语言开发学习:聚类分析
#-------------------------------------------------------# # R in Action (2nd ed): Chapter 16 # # Clu ...
- http 详解
HTTP协议中GET.POST和HEAD的介绍 GET: 请求指定的页面信息,并返回实体主体. HEAD: 只请求页面的首部. POST: 请求服务器接受所指定的文档作为对所标识的URI的新的从属实体 ...
- rbenv、fish 與 VSCode 設置之路
在最新的 VSCode 1.3.1 版裡,Integrated Terminal 變得更加好用,但由於上游套件 xterm.js 的緣故,zsh 還是有無法捲動的問題.不過作為一個 Rails 開發者 ...
- string类应用举例
* Copyright (c) 2016,烟台大学计算机与控制工程学院 * All rights reserved. * 文件名:text.cpp * 作者:常轩 * 微信公众号:Worldhello ...
- SpringBoot图文教程8 — SpringBoot集成MBG「代码生成器」
有天上飞的概念,就要有落地的实现 概念十遍不如代码一遍,朋友,希望你把文中所有的代码案例都敲一遍 先赞后看,养成习惯 SpringBoot 图文教程系列文章目录 SpringBoot图文教程1「概念+ ...
- 使用thymeleaf模板实现博客评论的异步刷新
使用thymeleaf模板实现博客评论的异步刷新 最简单的一个要求:用户可以在博客下面进行评论,然后评论后点击提交后直接上传到数据库,并且局部刷新 这是前端页面的展示,使用的semanticUI进行构 ...
- 一起了解 .Net Foundation 项目 No.10
.Net 基金会中包含有很多优秀的项目,今天就和笔者一起了解一下其中的一些优秀作品吧. 中文介绍 中文介绍内容翻译自英文介绍,主要采用意译.如与原文存在出入,请以原文为准. LLILC LLILC ( ...
- PyQt5之俄罗斯方块
上个礼拜有个需求,对csv里的数据按条件进行拆分计算.一想到要做计算,少不了pandas.还有个要求最好是生成命令行工具或者带有界面. 于是尝试下,使用PyQt5做了个简单的UI界面给程序包个壳子,然 ...
- 常见WAF绕过思路
WAF分类 0x01 云waf 在配置云waf时(通常是CDN包含的waf),DNS需要解析到CDN的ip上去,在请求uri时,数据包就会先经过云waf进行检测,如果通过再将数据包流给主机. 0x02 ...
- XSS_跨站脚本攻击
前段时间在网上看到一个网址,好奇之下进去看了看.胜利的条件是你录入一个串,让其调用prompt(1) .发现里面有好多想不到的东西,今天终于悠闲了来这里说说XSS. XSS 原理 恶意攻击者往Web页 ...